In this CoinDesk 2016 in Review special feature, CoinDesk contributor Frederick Reese gives an overview of regulatory developments that shaped the year that was, and that look to be setting the stage for 2017.

In 2016, the dangers presented by an increasingly digital world were clearly on display. A cyber-attack using an army of Internet of Things devices interfered with the operations of major commercial websites. And the Presidential Election was plagued with allegations of state-sponsored cybersecurity hacking (for which the Obama Administration just issued sanctions against the Russian government). Cybersecurity threats are unlikely to cede the spotlight in the coming year. Indeed, Marcel Lettre, the Undersecretary of Defense for Intelligence, recently described cybersecurity as a “political, economic, diplomatic and military challenge” that is “evolving and growing more acute over time.”

A thorough risk assessment is prudent for any organization, but is particularly essential for companies in the healthcare industry. Protecting patient data is important, and failing to have robust security measures can shut down facilities and have life-or-death ramifications.

However, implementing industry-standard cybersecurity practices can inhibit clinicians’ work, also leading to life-and-death consequences. For example, systems that prevent log-ins if clinicians are logged in elsewhere can interrupt or delay surgeries. That is why I feel that cybersecurity professionals should spend quality time with their healthcare clients, conducting in-depth interviews and visiting their workplaces, to develop cybersecurity measures that balance clinicians’ vital workflow operations with security and patient privacy.

Financial Services Superintendent Maria T. Vullo recently announced that the New York State Department of Financial Services (DFS) has updated its proposed first-in-the-nation cybersecurity regulation to protect New York State from the ever-growing threat of cyber-attacks. The proposed regulation, which will be effective March 1, 2017, will require banks, insurance companies, and other financial services institutions regulated by DFS to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry.

Devil being in the details, and all that, the US Commerce Department’s Bureau of Industry and Security (BIS) tried to translate “intrusion software” into an actual, enforceable regulation. We’ll let Engadget take it from here: “It ignited an online firestorm of meltdowns, freakouts, and vicious infighting within the most respected circles of hacking and computer security. That’s because the new rules change the classification of intrusion software and Internet Protocol (IP) network communications surveillance – setting in motion a legal machine that might see penetration-testing tools, exploits, and zero-days criminalized.”